Device and method for centralized data management and access control to databases

ABSTRACT

A profile access mediator (10) provides to a plurality of service providers (16, 18, 20) a controlled and logically centralized access to personal profiles stored in a local or distributed database (12). The access to the databases (12) containing user, service or terminal profiles is controlled and tracked by means of a plurality of personalized access technologies which are dependent on the typology of the data involved. Such a scheme allows better control of data access and more efficiency in the security and accounting processes, as well as in data access in general.

FIELD OF THE INVENTION

The present invention refers to telecommunication systems and in particular to a device and a method for storing and controlling the access, from a plurality of remote entities within a multimedia and/or telecommunication service network, to a plurality of heterogeneous databases for storing user and service information.

In a telecommunication market which is every day more competitive, a winning element for a service provider is the ability to offer personalized services for final users. Users are expecting new services and applications and, even more important, new and user-friendly ways to access and use telephony, internet and multimedia services.

BACKGROUND ART

In the present scenario, in which a multiplicity of services are offered by a plurality of service/content providers, the information relative to user, service and terminal profiles is spread over a great number of databases, and very often the same profile is duplicated in two or even more distinct locations.

As an example, a user who subscribes to a telephone service and an internet service (internet access, voice over IP, content access) usually has different profiles stored in different databases. In such a case the user profile is not unique, because it is split at least into a “telephone profile” and an “internet profile”, and in addition the distinct profiles reside on different database servers.

A typical situation in which a single user is associated with different profiles is shown in FIG. 1. Two different services, a telephone service 2 and an internet service 4, offer services to a single user, and each service has a proprietary database for storing user profiles. A first database 6 is used by the telephone service 2 for storing a telephone profile, while a second database 8 is connected to the internet service 4 for storing an internet profile for the same user.

In a system configuration such as the one shown in FIG. 1 it is not possible to assure the consistency and uniqueness of the information relative to a single user; in fact a user is unable to apply the same changes to both services, for example if he wishes to redirect calls to a particular terminal for both traditional calls and VoIP sessions.

Therefore a change in the profile information must be replicated independently on both databases, whether the change is made by a user or by a network/service administrator. Such a system is therefore not easy to use for single users and not easy to manage for network/service administrators.

Considering furthermore that the number of services offered is always increasing, especially in the field of multimedia and content delivery services, it is clear that any increase in the number of databases used for storing user, service or terminal profiles introduces difficulties in managing the corresponding information correctly.

US2002/0073066 discloses a data brokerage system for selling access to data, such as data stored in a data warehouse used for example by retailers or financial institutions to store transaction information, inventory information etc. The problems addressed in US2002/0073066 are mainly the necessity to offer differentiated views over data, to track accesses and to manage different kinds of data.

In the system disclosed in US2002/0073066 the management of data is assigned to a data warehouse having a rigid structure, wherein, for example, the access technologies are not customized for different typologies of data and the reading interfaces allow access only to a limited and predetermined subset of data.

The Applicant has tackled the problem of managing more efficiently the information relative to user, service and terminal profiles in a multimedia/telecommunication environment. In a system in which the number of services offered is constantly increasing and their nature changes very frequently, the new services must be highly personalized, both by the service provider (e.g. commercial offer, provisioning and assurance) and by the end user (e.g. subscription, configuration, access). To this purpose, the integration of internet applications with other services, such as next generation telephony, and innovative ways of handling user, terminal and service profiles and data within the network are very important.

The Applicant observes that, in a next generation telecommunication network, most of the data relative to personal profiles is replicated in a large number of different databases. Such redundancy does not allow an end user, or a service/content provider, to manage such personal information in an efficient, secure and reliable way.

The Applicant is of the opinion that, for better data management, most of the personal profiles needed in a multimedia/telecommunication network must be managed by a logically centralized management system. The personal profiles can nevertheless belong to different administrative domains.

In view of the above, it is an object of the invention to provide a device and a method for centrally managing personal profiles, assuring at the same time a high level of security as regards the access control to the databases containing such profiles in a telecommunication network.

SUMMARY OF THE INVENTION

According to the invention that object is achieved by means of a logically centralized system for managing the access, from remote entities within a telecommunication network supporting Voice over IP, multimedia and internet services, to heterogeneous profiles stored in both local or distributed databases. The access to the databases containing user, service or terminal profiles is controlled and tracked; a plurality of personalized access technologies are present which are dependent on the typology of the data involved. Such a scheme allows better control of data access and more efficiency in the security and accounting processes, as well as in data access in general. Moreover, in the system realized according to the invention, the external visibility of the profiles is personalized according to the typology of the request made by the remote entities and their privileges.

BRIEF DESCRIPTION OF THE DRAWINGS

The invention will now be described, by way of example only, with reference to the annexed figures of drawing, wherein:

FIG. 1 is a block diagram of a prior art profile access management system;

FIG. 2 is a schematic view of services interacting with a profile access mediator realized according to the present invention;

FIG. 3 is a detailed block diagram of a profile access mediator realized according to the present invention; and

FIG. 4 is a diagram showing the interaction between different layers of a profile access mediator during a profile access operation.

DETAILED DESCRIPTION OF A PREFERRED EMBODIMENT OF THE INVENTION

With reference to the block diagram of FIG. 2, a profile access mediator 10, realized according to the invention, provides to a plurality of service providers 16, 18, 20 a controlled and logically centralized access to personal profiles.

As shown in FIG. 2, a plurality of services, hereinafter referred to as “remote entities”, for example a Voice over IP (VoIP) service 16, an Internet service 18 and a Multimedia service 20, interact with a single profile access mediator 10 for accessing various profiles logically centralized in a single directory server 12. All the accesses to the directory server 12 are handled by a plurality of interfaces, represented in the figure by block 14, whose architecture will be disclosed in detail hereinafter with reference to FIG. 3.

The single profile access mediator 10 manages in a flexible way the information related to users, terminals and services, information globally referred to as “profiles”, migrating them from service-specific network distributed databases to logically centralized repositories.

The use of logically centralized repositories enables information consistency by having a unique repository, modified and read by different entities at any time. The profile access mediator 10 is a mediation device both for the access technology to the data (LDAP, RDBMS, XMLDB, etc.) and for administrative purposes (scalability, security, accountability, etc.).

The block diagram of FIG. 3 is a detailed scheme of a profile access mediator 10 realized according to the invention, including a first plurality of databases 44, 46, 48 and a set of interfaces, referenced globally as 14, for managing and centrally controlling the access, from any of the remote entities 16, 18, 20, to the first plurality of databases 44, 46, 48 and to a second plurality of databases 50 external to the profile access mediator 10.

The first plurality of databases comprises User, Service and Terminal Profile Databases 44, containing personal information characterizing profiles of single users, information characterizing the configuration of services for different users, and the terminals used in the network by the users; Multimedia Accounting Databases 46, containing accounting information for multimedia services; and Internet Accounting Databases 48, containing accounting information for Internet Services.

The second plurality of databases 50, situated in a location logically or physically remote from the profile access mediator 10, are capable of storing, for example, service profiles for services provided by third party service providers or information regarding user location for mobile services.

The set of interfaces 14 comprises two main blocks, a plurality of adapters 26 and a data provider 24.

The adapters 26 include a plurality of different adapters toward internal 44, 46, 48 and external databases 50, each adapter being able to manage a corresponding typology of database. Each adapter is customized for a particular typology of database, so that each access operation can be performed independently of the particular technology of a single database.

In FIG. 3 three particular adapters are represented, an LDAP adapter 38, an RDBMS adapter 40 and an XMLDB adapter 42; nevertheless the number and nature of the adapters can vary and depend on the different typologies of the corresponding databases that the system has to manage.

The LDAP adapter 38 is developed for reading and writing profiles via the LDAP protocol on a Directory Server, for managing repositories that are particularly efficient in frequent accesses to small quantities of data.

The RDBMS adapter 40 is developed for managing Session Detail Records related to multimedia sessions.

The XMLDB adapter 42 is developed for interfacing new generation XML databases for managing Session Detail Records related to internet sessions.

The data provider 24 is the block exposing access services to data (API) by means of remote interfaces, and includes the following basic blocks:

a plurality of application interfaces 28 (API) toward remote entities, each application interface being able to manage different mechanisms for accessing databases;

an Authentication unit 52;

an Authorization unit 37;

an Accounting/Security unit 36;

a Security Policy Repository 64 hosting information about security policies;

an Activity Log 62 hosting information about access tracking.

The application interfaces 28 (API) are the interfaces contacted by the remote entities 16, 18, 20 (client applications) for obtaining available services; the API can be classified into trusted application interfaces 30, in case the access is requested by authorized applications, and untrusted application interfaces 32, in case the access is requested by unknown applications.

The application interfaces 28 allow access to databases 44, 46, 48 and 50 in read mode, write mode for entering new information, write mode for modifying existing information, write mode for deleting information and search mode.

Access to the application interfaces 28 (API) depends on a plurality of authorizations contained in an XML descriptor which allows or denies the use of the interfaces to the remote entities requesting access.

The application interfaces API 28 can be classified into:

read/search, concerning reading operations on data; the safety rules defined a priori govern the use of this kind of API by different users.

write, concerning writing operations on data; the safety rules defined a priori govern the use of this kind of API by different users.

creation of profiles, concerning writing operations on data; the safety rules defined a priori govern the use of this kind of API by different users; usually only the System Administrators are qualified to invoke such interfaces.

cancellation, concerning writing operations on data; the safety rules defined a priori govern the use of this kind of API by different users; in particular cases only the System Administrators are qualified to invoke such interfaces (e.g. cancellation of profiles).
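As an added illustration of the descriptor-driven authorization described above (this is not code from the patent; the element and attribute names of the XML descriptor are an assumed schema, since the patent does not give its format), the following Java class loads an access policy and answers allow or deny for an (interface, operation, role) triple. Anything the descriptor does not list is refused, so creation and cancellation are available only to the roles the descriptor names for them, and the parser is configured to reject DTDs because the descriptor is security-critical input.

```java
import java.io.StringReader;
import java.util.*;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

public class ApiAccessPolicy {

    // Constructed descriptor. The <interface>/<allow> schema and the trust attribute
    // are assumptions; the patent only states that an XML descriptor holds the authorizations.
    static final String DESCRIPTOR =
        "<api-access-policy>"
      + "  <interface name='ProfileReader' trust='trusted'>"
      + "    <allow operation='read' roles='user,service,admin'/>"
      + "    <allow operation='search' roles='service,admin'/>"
      + "  </interface>"
      + "  <interface name='ProfileWriter' trust='trusted'>"
      + "    <allow operation='write' roles='user,admin'/>"
      + "    <allow operation='create' roles='admin'/>"
      + "    <allow operation='delete' roles='admin'/>"
      + "  </interface>"
      + "  <interface name='PublicProfileReader' trust='untrusted'>"
      + "    <allow operation='read' roles='anonymous'/>"
      + "  </interface>"
      + "</api-access-policy>";

    /** interface name -> operation -> roles permitted to use it */
    private final Map<String, Map<String, Set<String>>> grants = new HashMap<>();
    /** interface name -> "trusted" or "untrusted" */
    private final Map<String, String> trustLevel = new HashMap<>();

    ApiAccessPolicy(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        // The descriptor decides who may touch profile data, so the parser must not
        // resolve DTDs or external entities while reading it.
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setExpandEntityReferences(false);
        f.setXIncludeAware(false);
        DocumentBuilder b = f.newDocumentBuilder();
        Document doc = b.parse(new InputSource(new StringReader(xml)));

        NodeList ifaces = doc.getElementsByTagName("interface");
        for (int i = 0; i < ifaces.getLength(); i++) {
            Element iface = (Element) ifaces.item(i);
            String name = iface.getAttribute("name");
            trustLevel.put(name, iface.getAttribute("trust"));
            Map<String, Set<String>> ops = new HashMap<>();
            NodeList allows = iface.getElementsByTagName("allow");
            for (int j = 0; j < allows.getLength(); j++) {
                Element allow = (Element) allows.item(j);
                Set<String> roles = new HashSet<>(Arrays.asList(allow.getAttribute("roles").split(",")));
                ops.put(allow.getAttribute("operation"), roles);
            }
            grants.put(name, ops);
        }
    }

    /** Default deny: an interface, operation or role absent from the descriptor is refused. */
    boolean isAllowed(String iface, String operation, String role) {
        Map<String, Set<String>> ops = grants.get(iface);
        if (ops == null) return false;
        Set<String> roles = ops.get(operation);
        return roles != null && roles.contains(role);
    }

    /** Whether the interface belongs to the trusted (30) or untrusted (32) group. */
    boolean isTrusted(String iface) {
        return "trusted".equals(trustLevel.get(iface));
    }

    public static void main(String[] args) throws Exception {
        ApiAccessPolicy p = new ApiAccessPolicy(DESCRIPTOR);
        String[][] checks = {
            {"ProfileReader", "read", "user"},
            {"ProfileWriter", "create", "user"},
            {"ProfileWriter", "create", "admin"},
            {"PublicProfileReader", "write", "anonymous"},
            {"SessionRecordReader", "read", "admin"},
        };
        for (String[] c : checks) {
            System.out.printf("%-20s %-7s %-10s trusted=%-5b -> %s%n",
                c[0], c[1], c[2], p.isTrusted(c[0]),
                p.isAllowed(c[0], c[1], c[2]) ? "allowed" : "denied");
        }
    }
}
```

The decision function is deliberately closed: a new interface added to the data provider is unreachable until the descriptor grants it, which matches the patent's model of an XML descriptor that "allows or denies the use of the interfaces".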

The Authentication Unit 52 is in charge of recognizing the remote entities. The authentication functionalities are provided by the run-time environment.

The authorization unit 37 is in charge of authorizing the remote entities to use the adapters 26, by means of the verification of the essential requirements and the management of a corresponding authorization to use. The basic authorization functionalities are provided by the run-time environment, while extensions are needed towards more granular authorization mechanisms.

The Accounting unit 36 is in charge of tracking the accesses to internal 44, 46, 48 and external databases 50, by means of the registration, for each access, of information related to the identity of the remote entity that made the access, to the access times and to the data exchanged during the access; the information collected by the accounting unit 36 is useful for enforcing billing models.

The profile access mediator 10 therefore comprises two software layers 24 and 26 that allow the application interfaces (API) to be de-coupled from the interaction functionalities with data repositories, and offer very good flexibility in interacting with different typologies of repositories.

The main functions of the profile access mediator 10 are:

Authentication, for identification of the remote entity connected to the mediator. This functionality uses the Java Authentication and Authorization Service (JAAS).

Authorization, for allowing or denying the use of specific available interfaces; the authorization is declarative and programmatic and is expressed by a file descriptor (XML descriptor) for the access policies to APIs.

Profile Reading, for partial or whole reading of a profile corresponding to one of the considered entities (user/terminal/service); the reading is made according to a method present in the adapter, with the assistance of the Java Naming and Directory Interface (JNDI) libraries implementing the LDAP protocol for accessing Directory Servers. If the profile is to be read on an RDBMS, the method sends an SQL query to the server by means of a database driver implemented according to the Java Database Connectivity (JDBC) specifications.

Profile Creation or Deletion; the procedure is the same as previously described for the “Profile Read” function;

Profile Modification; the procedure is the same as previously described for the “Profile Read” function;

Search by keywords; if the search is made on a Directory Server, the method in charge of this operation arranges the search filter and calls the suitable JNDI method for the directory query; if the search is made on an RDBMS, the method charged with this operation receives the values needed for arranging the filter and passes it, as a parameter, to a JDBC method for the search on a relational database.
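The search function above arranges a filter from caller-supplied keywords, which is the point where the mediator has to make sure those keywords cannot change the shape of the directory filter or of the SQL statement. The Java class below is an added example, not the patent's code: it escapes LDAP assertion values as RFC 4515 requires before handing the filter to the JNDI search method, and builds the relational search as a JDBC PreparedStatement whose values are bound rather than concatenated. The attribute and column whitelists, the objectClass, the table and column names, and the `session_detail_record` schema are assumptions.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.*;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public class ProfileSearch {

    // Names a caller may search on (assumed lists). Attribute and column names cannot be
    // escaped or bound as parameters, so anything outside the list is refused outright.
    static final Set<String> DIRECTORY_ATTRS = Set.of("uid", "cn", "sn", "mail", "telephoneNumber");
    static final Set<String> SDR_COLUMNS = Set.of("caller_id", "called_id", "terminal_id");

    /** Escape one assertion value for an LDAP search filter (RFC 4515, section 3). */
    static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder(value.length());
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    /** Arrange the directory filter: all keywords must match, each value escaped, each attribute whitelisted. */
    static String buildDirectoryFilter(Map<String, String> keywords) {
        StringBuilder f = new StringBuilder("(&(objectClass=inetOrgPerson)");
        for (Map.Entry<String, String> e : keywords.entrySet()) {
            if (!DIRECTORY_ATTRS.contains(e.getKey()))
                throw new IllegalArgumentException("attribute not searchable: " + e.getKey());
            f.append('(').append(e.getKey()).append('=').append(escapeFilterValue(e.getValue())).append(')');
        }
        return f.append(')').toString();
    }

    /** Directory search through JNDI; ctx is an LDAP context already bound by the adapter. */
    static List<String> searchDirectory(DirContext ctx, String base, Map<String, String> keywords)
            throws NamingException {
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
        sc.setReturningAttributes(new String[] {"uid", "cn"});   // return only what the caller needs
        List<String> names = new ArrayList<>();
        NamingEnumeration<SearchResult> results = ctx.search(base, buildDirectoryFilter(keywords), sc);
        while (results.hasMore()) names.add(results.next().getNameInNamespace());
        return names;
    }

    /** SQL text with '?' placeholders plus the ordered values to bind; values never enter the SQL text. */
    static final class SdrQuery {
        final String sql;
        final List<String> params;
        SdrQuery(String sql, List<String> params) { this.sql = sql; this.params = params; }
    }

    static SdrQuery buildSdrQuery(Map<String, String> keywords) {
        StringBuilder sql = new StringBuilder(
            "SELECT session_id, start_time, end_time FROM session_detail_record WHERE 1=1");
        List<String> params = new ArrayList<>();
        for (Map.Entry<String, String> e : keywords.entrySet()) {
            if (!SDR_COLUMNS.contains(e.getKey()))
                throw new IllegalArgumentException("column not searchable: " + e.getKey());
            sql.append(" AND ").append(e.getKey()).append(" = ?");
            params.add(e.getValue());
        }
        return new SdrQuery(sql.toString(), params);
    }

    /** Relational search through JDBC; conn is an open connection supplied by the RDBMS adapter. */
    static List<String> searchSdr(Connection conn, Map<String, String> keywords) throws SQLException {
        SdrQuery q = buildSdrQuery(keywords);
        try (PreparedStatement ps = conn.prepareStatement(q.sql)) {
            for (int i = 0; i < q.params.size(); i++) ps.setString(i + 1, q.params.get(i));
            List<String> ids = new ArrayList<>();
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) ids.add(rs.getString("session_id"));
            }
            return ids;
        }
    }

    public static void main(String[] args) {
        // Constructed keyword sets; the second value carries filter metacharacters.
        Map<String, String> plain = new LinkedHashMap<>();
        plain.put("cn", "Mario Rossi");
        System.out.println(buildDirectoryFilter(plain));

        Map<String, String> special = new LinkedHashMap<>();
        special.put("sn", "R*ssi (M.)");
        System.out.println(buildDirectoryFilter(special));

        Map<String, String> sdr = new LinkedHashMap<>();
        sdr.put("caller_id", "sip:alice@example.invalid");
        SdrQuery q = buildSdrQuery(sdr);
        System.out.println(q.sql + "   params=" + q.params);
    }
}
```

Two details worth keeping when adapting this: the JNDI `search` overload that takes `filterArgs` substitutes `{0}` placeholders but does not escape them, so explicit RFC 4515 escaping is still needed with that overload; and the whitelists apply to names on both repository types, because a parameterized statement protects values only.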

The profiles managed by the access mediator 10 are, for example:

User Profiles, containing personal information such as:

-   personal data (name, surname, date of birth, etc.) and personal account data (user-id, password, personal identifier);
-   personalization of the service environment, containing the list of the user terminals, the last IP terminal used by the user, the list of last called numbers and the list of subscribed services with corresponding utilization counters to trace the number of service accesses.

Service Profiles; every user is able to modify the personal profile relative to any subscribed service as regards its right of use.

Terminal Profiles, defining logically and physically each terminal recognized by the system as belonging to the domain; such profiles comprise two distinct branches separately stored in the Directory Server, general terminals and network connected terminals:

the general terminals branch contains the information relative to different types of hardware and software devices, according to technical (e.g. IP Phone having specific codecs) and product characteristics (specific model of a manufacturer);

the network connected terminals branch stores the information characterizing “logically” the device, as for example the IP address for an IP Phone and a descriptive string.

Session Detail Records, defining the tracing of the multimedia sessions coming from and towards the user; they contain information such as start/end date/time of the session, caller and called ID, terminal IDs, QoS information.

The profile access mediator 10 operates according to a method comprising the following steps:

receiving an access request from any of the remote entities 16, 18, 20;

authenticating the remote entity by means of the identification of the remote entity requesting the access;

providing a logically centralized access to the databases for storing personal profiles by means of a plurality of application interfaces 28 suitable for managing different mechanisms for accessing databases and by means of a plurality of adapters 26 toward the databases, each adapter being able to manage a corresponding typology of database;

tracking the access by means of the registration of information related to the identity of the remote entity that effected the access, the access time and the data exchanged during access.

Preferably, the step of authenticating the remote entity comprises authorizing the remote entity by means of the verification of essential requirements and the management of a corresponding authorization to use.

The profile access mediator 10 can be implemented as a computer program comprising computer program code means adapted to perform all the steps of the method disclosed above, when said program is run on a computer. The computer program is embodied on a computer readable medium.

The block diagram of FIG. 4 shows an example of interaction between different layers of a profile access mediator during a profile access operation. In particular the diagram refers to a reading request, performed by a user, of the latest called numbers.

The following operations correspond to the references <1> to <12> shown in FIG. 4:

<1> The Data Provider 24 of the Profile Access Mediator receives, from a client application, a reading request for a portion of a user profile, that is, a method of a specific EJB is invoked;

<2> The Data Provider 24 verifies whether the entity requesting the access is authorized, contacting the Security Policy Repository 64;

<3> The Data Provider 24 receives from the Security Policy Repository 64 the answer to the previous request;

<4> The Data Provider 24 performs additional authorization tasks and records the accounting information into the Activity Log 62;

<5> The interface side of the Adapter layer 26 receives the reading request from the Data Provider 24 and determines to which DAO class (Direct Access Object) the request is to be forwarded;

<6> The data source side of the Adapter layer 26 receives the reading request and forwards it, by means of the JNDI libraries, to the Directory Server;

<7> The Directory Server 12 receives and processes the request;

<8>, <9>, <10> The data are forwarded to the client application that made the request, going back through the layers up to the client application;

<11> The Data Provider 24 records into the Activity Log 62 the normal or abnormal termination of the request;

<12> The data are forwarded to the client application that made the request, going back through the layers up to the client application.
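The sequence <1> to <12> above, as an added Java example that is not the patent's own implementation: a data provider that consults a policy (standing in for the Security Policy Repository 64), writes the activity log entries of steps <4> and <11>, and routes the read through an adapter chosen by profile typology. The directory server is an in-memory map holding constructed data, the entity names and policy entries are assumptions, and the authenticated identity of the caller is taken as already established by the run-time environment (JAAS in the patent's description), so it arrives here as a plain string.

```java
import java.time.Instant;
import java.util.*;

public class ProfileAccessMediatorDemo {

    /** Adapter contract: the data provider never addresses a repository directly. */
    interface ProfileAdapter {
        List<String> read(String profileId, String attribute);
    }

    /** In-memory stand-in for the directory server behind the LDAP adapter (constructed data). */
    static final class InMemoryDirectoryAdapter implements ProfileAdapter {
        private final Map<String, Map<String, List<String>>> entries = new HashMap<>();

        void put(String profileId, String attribute, String... values) {
            entries.computeIfAbsent(profileId, k -> new HashMap<>()).put(attribute, List.of(values));
        }

        public List<String> read(String profileId, String attribute) {
            Map<String, List<String>> entry = entries.get(profileId);
            if (entry == null || !entry.containsKey(attribute))
                throw new NoSuchElementException(profileId + "/" + attribute);
            return entry.get(attribute);
        }
    }

    /** Activity log entry: identity, time, what was asked for, how much came back, how it ended. */
    static final class LogEntry {
        final Instant at = Instant.now();
        final String entity, operation, target, outcome;
        final int itemsReturned;

        LogEntry(String entity, String operation, String target, int itemsReturned, String outcome) {
            this.entity = entity; this.operation = operation; this.target = target;
            this.itemsReturned = itemsReturned; this.outcome = outcome;
        }

        @Override public String toString() {
            return at + " entity=" + entity + " op=" + operation + " target=" + target
                 + " items=" + itemsReturned + " outcome=" + outcome;
        }
    }

    /** Data provider layer (24): policy check, accounting, then routing to the adapter layer (26). */
    static final class DataProvider {
        private final Map<String, Set<String>> policy;      // entity -> permitted operations (assumed format)
        private final Map<String, ProfileAdapter> adapters; // profile typology -> adapter
        final List<LogEntry> activityLog = new ArrayList<>();

        DataProvider(Map<String, Set<String>> policy, Map<String, ProfileAdapter> adapters) {
            this.policy = policy; this.adapters = adapters;
        }

        List<String> readAttribute(String entity, String typology, String profileId, String attribute) {
            String op = "read:" + typology;
            String target = profileId + "/" + attribute;
            // <2>/<3>: consult the policy; unknown entities and unlisted operations are denied
            if (!policy.getOrDefault(entity, Set.of()).contains(op)) {
                activityLog.add(new LogEntry(entity, op, target, 0, "DENIED"));
                throw new SecurityException(entity + " is not authorized for " + op);
            }
            // <4>: record the access before it happens, so a failure downstream still leaves a trace
            activityLog.add(new LogEntry(entity, op, target, 0, "STARTED"));
            // <5>: select the adapter for this profile typology
            ProfileAdapter adapter = adapters.get(typology);
            if (adapter == null) {
                activityLog.add(new LogEntry(entity, op, target, 0, "ABNORMAL: no adapter"));
                throw new IllegalStateException("no adapter for typology " + typology);
            }
            try {
                List<String> values = adapter.read(profileId, attribute);          // <6>/<7>
                // <11>: normal termination; the log keeps the count, not the personal data itself
                activityLog.add(new LogEntry(entity, op, target, values.size(), "NORMAL"));
                return values;                                                    // <12>
            } catch (RuntimeException ex) {
                activityLog.add(new LogEntry(entity, op, target, 0,
                    "ABNORMAL: " + ex.getClass().getSimpleName()));
                throw ex;
            }
        }
    }

    public static void main(String[] args) {
        InMemoryDirectoryAdapter ldap = new InMemoryDirectoryAdapter();
        ldap.put("uid=mrossi", "lastCalledNumbers", "+39020000001", "+39020000002"); // constructed
        Map<String, Set<String>> policy = Map.of(
            "voip-service", Set.of("read:user", "write:user"),
            "portal-untrusted", Set.of("read:terminal"));
        Map<String, ProfileAdapter> adapters = Map.of("user", ldap);
        DataProvider provider = new DataProvider(policy, adapters);

        System.out.println(provider.readAttribute("voip-service", "user", "uid=mrossi", "lastCalledNumbers"));
        try {
            provider.readAttribute("portal-untrusted", "user", "uid=mrossi", "lastCalledNumbers");
        } catch (SecurityException e) { System.out.println("denied: " + e.getMessage()); }
        try {
            provider.readAttribute("voip-service", "user", "uid=nobody", "lastCalledNumbers");
        } catch (NoSuchElementException e) { System.out.println("not found: " + e.getMessage()); }
        provider.activityLog.forEach(System.out::println);
    }
}
```

The log entry records how many items were exchanged rather than the values themselves; for a request such as "latest called numbers" this keeps the accounting record usable for billing and audit without turning the Activity Log into a second copy of the profile data the mediator is meant to centralize.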

CLAIMS

1. A device (10) for storing personal profiles and for controlling the access, from a plurality of remote entities (16, 18, 20) within a telecommunication network supporting a plurality of services, to databases storing said personal profiles, characterised in that said device (10) comprises a first plurality of databases (44, 46, 48) and interfaces (24, 26) for managing and centrally controlling the access, from any of said remote entities (16, 18, 20), to said first plurality of databases (44, 46, 48) and to a second plurality of databases (50), said interfaces (24, 26) comprising: a plurality of adapters (26) toward said first (44, 46, 48) and second (50) plurality of databases, each adapter being able to manage a corresponding typology of database; a plurality of application interfaces (28) toward said plurality of remote entities (16, 18, 20) able to manage different mechanisms for accessing databases; an authentication unit (52), for identification of said remote entities; an authorization unit (37) for authorizing said remote entities (16, 18, 20) to use said adapters (26), by means of the verification of essential requirements and the management of a corresponding authorization to use; an accounting unit (36) for tracking the accesses to said first (44, 46, 48) and second (50) plurality of databases.

2. A device according to claim 1, wherein said accounting unit (36) tracks the accesses to said first (44, 46, 48) and second (50) plurality of databases by means of the registration, for each access, of information related to the identity of the remote entity that made the access, to the access times and to the data exchanged during access.

3. A device according to claim 1, wherein said plurality of services comprises Voice over IP or multimedia or internet services.

4. A device according to claim 1, wherein said adapters (26) allow the access to said first and second plurality of databases independently from the particular technology of the database.

5. A device according to claim 1, wherein the access to said application interfaces (28) depends on a plurality of authorizations contained in an XML descriptor.

6. A device according to claim 1, wherein said interfaces (24, 26) allow the access to said first (44, 46, 48) and second (50) plurality of databases by means of trusted application interfaces (30), in case the access is requested by authorized applications, and by means of untrusted application interfaces (32), in case the access is requested by unknown applications.

7. A device according to claim 6, wherein said interfaces (24, 26) allow the access to said first (44, 46, 48) and second (50) plurality of databases in a read mode.

8. A device according to claim 6, wherein said interfaces (24, 26) allow the access to said first (44, 46, 48) and second (50) plurality of databases in a write mode for entering new information.

9. A device according to claim 6, wherein said interfaces (24, 26) allow the access to said first (44, 46, 48) and second (50) plurality of databases in a write mode for modifying existing information.

10. A device according to claim 6, wherein said interfaces (24, 26) allow the access to said first (44, 46, 48) and second (50) plurality of databases in a search mode.

11. A device according to claim 1, wherein said first plurality of databases (44, 46, 48) contain information characterising a user in terms of user profile.

12. A device according to claim 11, wherein said user profile comprises identity, personal data, preferences, subscribed services and used terminals.

13. A device according to claim 1, wherein said first plurality of databases (44, 46, 48) contain information characterising a service in terms of service profile.

14. A device according to claim 13, wherein said service profile comprises information characterising the configuration of services for different users.

15. A device according to claim 1, wherein said first plurality of databases (44, 46, 48) contain information characterising the terminals used in said multimedia and/or telecommunication service network.

16. A device according to claim 15, wherein said information characterising the terminals are stored into a generic terminal profile database, containing information relative to static characteristics of terminals, and into a network terminal profile database, containing information relative to dynamic characteristics of terminals.

17. A telecommunication network comprising a device for storing personal profiles and for controlling the access, from a plurality of remote entities, to databases storing said personal profiles, characterized in that said device (10) is realized according to any of claims 1 to 16.

18. A method of providing the access to databases for storing personal profiles, to a plurality of remote entities (16, 18, 20) within a telecommunication network supporting Voice over IP and/or multimedia and/or internet services, and for controlling said access, characterised in that it comprises the following steps: receiving an access request from any of said remote entities (16, 18, 20); authenticating said remote entity by means of the identification of the remote entity requesting the access; providing a logically centralized access to said databases for storing personal profiles by means of a plurality of application interfaces (28) suitable for managing different mechanisms for accessing databases and by means of a plurality of adapters (26) toward said databases, each adapter being able to manage a corresponding typology of database; tracking said access by means of the registration of information related to the identity of the remote entity that effected the access.

19. A method as claimed in claim 18, wherein said step of tracking said access comprises collecting information about the access time and the data exchanged during access.

20. A method as claimed in claim 18, wherein said step of authenticating said remote entity comprises authorizing said remote entity by means of the verification of essential requirements and the management of a corresponding authorization to use.

21. A computer program comprising computer program code means adapted to perform all the steps of any of claims 17 to 19 when said program is run on a computer.

22. A computer program as claimed in claim 21 embodied on a computer readable medium.